Security "Bits"

Replacing MSFT Forefront TMG with a CASB

By Rich Campagna | December 22, 2016 at 12:06 PM

Despite the fact that Microsoft's Forefront Threat Management Gateway (TMG) reached end-of-life at the end of December, 2015, there are still a lot of organizations using TMG to provide secure access to applications like Exchange and SharePoint. If you fall into this bucket, a cloud access security broker (CASB) like Bitglass is one replacement option that you haven't thought of, and a great way to bridge your (inevitable) migration to Office 365.

The first question that comes to mind after reading that paragraph is likely to be, "aren't CASBs a solution for public cloud apps like Office 365 and Salesforce?" Yes, they are, but some can also be used for internal, premises-based applications, and replace many of the key functions in use with TMG including:

  • Agentless reverse proxy and ActiveSync proxy for common TMG applications (OWA/Exchange, SharePoint, etc.)
  • Authentication prior to allowing access, ensuring that only authenticated users can reach internal systems. CASBs can integrate with a wide range of identity systems (AD, ADFS, Ping, Okta, OneLogin, etc.) and support group-based authorization, multifactor authentication and more.
  • Endpoint Device Profiling, allowing you to build policies based on device type. For example, you might want to allow full access from managed devices, and partial or restricted access from unmanaged/BYOD devices.
  • Single sign-on across both cloud and premises applications.

But CASB support for these use cases doesn't stop there. You can think of a CASB as TMG+, supporting the aforementioned functions of TMG, in addition to:

  • Data leakage prevention, ensuring identification and control of sensitive data, with a range of advanced remediation actions such as redaction, watermarking, DRM, encryption and more.
  • Cloud scale, so that as users and load increase, the cloud auto-scales and appliance and VM performance bottlenecks are a thing of the past. Global load balancing and distributed hosting on services like AWS ensure that your users enjoy excellent performance anywhere.
  • Malware detection, which is critical given Microsoft stopped providing malware updates for TMG services nearly 3 years ago.
  • Cross-app analytics, identifying suspicious and anomalous activity across both cloud and premises applications.
  • Unified policy across both premises Exchange/SharePoint and Office 365, so that your users are protected 100% of the time as you make the transition.

A CASB might not have been your first thought when it comes to exploring replacement alternatives for Forefront TMG, but it's the only option if you're looking for a seamless migration to public cloud apps like Office 365. Why not check out a demo?
